From: Eric Blake <eblake@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: QEMU Developers <qemu-devel@nongnu.org>, Max Reitz <mreitz@redhat.com>
Subject: Re: [Qemu-devel] [PULL v3 00/38] QAPI patches for 2018-03-12, 2.12 softfreeze
Date: Mon, 19 Mar 2018 14:01:01 -0500
Message-ID: <6686106c-3866-ede4-b1ae-75bf18a948e8@redhat.com>
In-Reply-To: <CAFEAcA_gF=tpvZLTJ_K5mU59VzByh7XRJSVHFms2i5RJBH7CoA@mail.gmail.com>
On 03/19/2018 01:43 PM, Peter Maydell wrote:
> On 19 March 2018 at 16:41, Eric Blake <eblake@redhat.com> wrote:
>> The following changes since commit 2c8cfc0b52b5a4d123c26c0b5fdf941be24805be:
>>
>> Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2018-03-19 11:44:26 +0000)
>>
>> are available in the Git repository at:
>>
>> git://repo.or.cz/qemu/ericb.git tags/pull-qapi-2018-03-12-v3
>>
>> for you to fetch changes up to ebf1105a7086897da6963edefdb247c80f605424:
>>
>> qapi: Pass '-u' when doing non-silent diff (2018-03-19 11:32:36 -0500)
>>
>> in v3:
>> rebase to master (a few more qobject_to_qdict() uses crept in)
>> squash in Peter Xu's fixup for test failures
>> [if tests still fail, then I will send a v4 without OOB from 2.12]
>> sending only the patches that changed from v2
>
> The assert seems to have gone away,
Progress! Peter's OOB patches are working; your ubsan errors are from a
different part of the series.
> but I get over 10,000 new
> clang sanitizer runtime errors like
>
> /visitor/input/large_number: OK
> /visitor/input/number_keyval: OK
> /visitor/input/number_str_keyval: OK
> /visitor/input/number_str_fail:
> /home/petmay01/linaro/qemu-for-merges/qapi/qobject-input-visitor.c:550:12:
> runtime error: member access within null pointer of type 'QNum' (aka
> 'struct QNum')
> OK
> Here are some backtraces for some of those:
>
> /visitor/input/int_keyval:
> /home/petmay01/linaro/qemu-for-merges/qapi/qobject-input-visitor.c:188:12:
> runtime error: member access within null pointer of type 'QString'
> (aka 'struct QString')
> #0 0x56375e642549 in qobject_input_get_keyval
> /home/petmay01/linaro/qemu-for-merges/qapi/qobject-input-visitor.c:188:12
> #1 0x56375e63f76b in qobject_input_type_int64_keyval
> /home/petmay01/linaro/qemu-for-merges/qapi/qobject-input-visitor.c:409:23
> #2 0x56375e63c13d in visit_type_int
> /home/petmay01/linaro/qemu-for-merges/qapi/qapi-visit-core.c:150:5
Max, this is the qobject_to() macro that is making ubsan gripe :(
    qstr = qobject_to(QString, qobj);
which partially expands to
    qstr = container_of(qobject_check_type(qobj, QTYPE_CAST_TO_QString) ?:
                        QOBJECT((QString *)NULL), QString, base);
I'm guessing that container_of(NULL, type, base) is what ubsan is
griping at? Can we rewrite qobject_to() to only call container_of() if
qobject_check_type() returns non-NULL?
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
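The two macro shapes discussed above, as an added stand-alone illustration (not code from this mail, from QEMU, or from any later QEMU fix): a minimal QObject/QString/QNum stand-in with a container_of() that has a real nonzero offset to subtract, the original expansion whose fallback evaluates &((type *)NULL)->base on a type mismatch, and a rewrite along the lines Eric suggests that only reaches container_of() once qobject_check_type() has returned non-NULL. All struct layouts, the QTYPE_CAST_TO_* enum values and the helper functions are constructed for the example.

```c
/* Added example, not QEMU's code: why qobject_to() upsets a null-pointer
 * sanitizer, and a NULL-safe rewrite of the macro.  Types and names are
 * constructed stand-ins for the QEMU identifiers quoted in the mail. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { QTYPE_CAST_TO_QString, QTYPE_CAST_TO_QNum } QType;

typedef struct QObject { QType type; } QObject;

/* 'base' is deliberately NOT the first member, so container_of() has a
 * nonzero offset to subtract and the NULL case is not trivially benign. */
typedef struct QString { int refcnt; QObject base; const char *str; } QString;
typedef struct QNum    { int refcnt; QObject base; long value;       } QNum;

#define QOBJECT(obj) (&(obj)->base)

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Stand-in for qobject_check_type(): the object itself if it carries the
 * requested type tag, NULL otherwise (also NULL for a NULL input). */
static QObject *qobject_check_type(QObject *obj, QType want)
{
    return (obj && obj->type == want) ? obj : NULL;
}

/* Shape of the expansion quoted in the mail.  On a mismatch the ?: picks
 * QOBJECT((type *)NULL), i.e. &((type *)NULL)->base: a member access
 * through a null pointer, which is what "-fsanitize=null" reports, and
 * container_of() then does pointer arithmetic on that result. */
#define qobject_to_unsafe(type, obj)                                  \
    container_of(qobject_check_type(obj, QTYPE_CAST_TO_##type) ?:     \
                 QOBJECT((type *)NULL), type, base)

/* Rewrite in the spirit of the suggestion: container_of() is evaluated
 * only when the type check succeeded; otherwise a plain NULL of the
 * target type is produced without touching any member.  Uses a GNU
 * statement expression, as QEMU's own container_of() already does. */
#define qobject_to_safe(type, obj) ({                                 \
    QObject *_o = qobject_check_type(obj, QTYPE_CAST_TO_##type);      \
    _o ? container_of(_o, type, base) : (type *)NULL; })

/* Constructed sample objects with their type tags set. */
static QString g_str = { 1, { QTYPE_CAST_TO_QString }, "hello" };
static QNum    g_num = { 1, { QTYPE_CAST_TO_QNum }, 42 };

/* Payload of obj if it really is a QString, else NULL. */
static const char *as_string_safe(QObject *obj)
{
    QString *qs = qobject_to_safe(QString, obj);
    return qs ? qs->str : NULL;
}

/* Value of obj if it really is a QNum, else the fallback. */
static long as_num_safe(QObject *obj, long fallback)
{
    QNum *qn = qobject_to_safe(QNum, obj);
    return qn ? qn->value : fallback;
}

/* The original shape behaves identically on a matching object, which is
 * why the problem only surfaces under a sanitizer on the mismatch path;
 * that path is deliberately not exercised here. */
static const char *as_string_unsafe_match(void)
{
    QString *qs = qobject_to_unsafe(QString, QOBJECT(&g_str));
    return qs->str;
}

int main(void)
{
    printf("QString via safe macro : %s\n", as_string_safe(QOBJECT(&g_str)));
    printf("QNum as QString (safe) : %p\n", (void *)as_string_safe(QOBJECT(&g_num)));
    printf("QNum via safe macro    : %ld\n", as_num_safe(QOBJECT(&g_num), -1));
    printf("QString via unsafe form: %s\n", as_string_unsafe_match());
    return 0;
}
```

Building this with clang or gcc and -fsanitize=null, then calling qobject_to_unsafe() on a mismatched object, yields the same "member access within null pointer of type 'QString'" diagnostic as in the quoted test output; the qobject_to_safe() variant stays silent on the same input because the NULL branch never forms a member address.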
Thread overview:
2018-03-19 16:41 [Qemu-devel] [PULL v3 00/38] QAPI patches for 2018-03-12, 2.12 softfreeze Eric Blake
2018-03-19 16:41 ` [Qemu-devel] [PULL v3 07/38] qapi: Replace qobject_to_X(o) by qobject_to(X, o) Eric Blake
2018-03-19 16:41 ` [Qemu-devel] [PULL v3 21/38] monitor: allow using IO thread for parsing Eric Blake
2018-03-19 18:43 ` [Qemu-devel] [PULL v3 00/38] QAPI patches for 2018-03-12, 2.12 softfreeze Peter Maydell
2018-03-19 19:01 ` Eric Blake [this message]